IT Compliance Advisor

Feb 15 2012   9:18PM GMT

Cybersecurity Act of 2012 forges new path but faces old criticism

Ben Cole

After three years of hearings and negotiations, a group of Senate Committee leaders unveiled the Cybersecurity Act of 2012.

Under the new Cybersecurity Act, the Department of Homeland Security would assess the cyber-related risks and vulnerabilities of “critical infrastructure systems” to determine which should be required to meet a set of risk-based security standards. This would include those systems that, should they be disrupted, would cause mass death, evacuation or major damage to the economy and national security.

The Cybersecurity Act outlines several characteristics that stress it’s a public/private partnership, including:

  • DHS would work with the owners/operators of designated critical infrastructure to develop risk-based performance requirements.
  • The owners of a covered system would themselves determine how best to meet the performance requirements and then verify that they were compliant.
  • The private sector and the federal government would actively share information surrounding threats, incidents, best practices and fixes, “while maintaining civil liberties and privacy.”

The senators were definitely not working in a vacuum — they made a conscious effort to curb criticism that plagued previous online security measures. The senators stressed that the Cybersecurity Act of 2012 “in no way” resembles the Stop Online Piracy Act (SOPA) or the Protect Intellectual Property Act (PIPA), and instead focuses on the “essential services that keep our nation running.” The senators also omitted emergency authorities for the president, likely because of the backlash around the Internet “kill switch” proposed in an earlier version of the Cybersecurity Act.

But despite efforts to distance it from previous online security legislation, the new Cybersecurity Act is already facing criticism — some of it very familiar.

Opponents — including the Financial Services Roundtable and the U.S. Chamber of Commerce — have decried the act’s provisions and say it would create yet another burdensome, costly regulatory compliance mandate. Others are still concerned about the potential privacy implications the Cybersecurity Act could create — likely a hangover from the lengthy debate surrounding SOPA and PIPA from earlier this year.

So will the Cybersecurity Act of 2012 strike the right balance between protecting data and not hurting the companies it’s designed to help? The debate will begin in earnest tomorrow, when the Homeland Security & Governmental Affairs Committee will hold its first hearing on the Cybersecurity Act. The hearing is likely to address these questions and more, as it begins the latest chapter in the ongoing cybersecurity debate.
